SAP Security Online!
 
 

Introduction on Authorizations

  • Authorization objects enable complex checks of an authorization, which allows a user to carry out an action. An authorization object can group up to 10 authorization fields that are checked in an AND relationship.
  • For an authorization check to be successful, all field values of the authorization object must be maintained accordingly. The fields in an object should not be seen as input fields on a screen. Instead, fields should be regarded as system elements, such as infotypes, which are to be protected.
  • You can define as many system access authorizations as you wish for an object by creating a number of allowed values for the fields in an object. These value sets are called authorizations. The system checks these authorizations in OR relationships.
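The AND/OR rule above as a simplified Python model (an added example, not SAP code or code from this site). The object Z_DEMO_OBJ, its fields and its values are constructed samples, and `*` is treated as "any value".

```python
# Simplified model of the check semantics described above.
# Object name, field names and values are constructed samples.
MAX_FIELDS = 10  # an authorization object groups at most 10 fields

def field_allows(allowed, value):
    """True if one field's value set covers the requested value ('*' = any)."""
    return "*" in allowed or value in allowed

def authorization_passes(authorization, required):
    """AND: every checked field must be covered by this one authorization."""
    return all(field_allows(authorization.get(field, ()), value)
               for field, value in required.items())

def authority_check(user_auths, obj, required):
    """OR: a single fully matching authorization for the object is enough."""
    if len(required) > MAX_FIELDS:
        raise ValueError("an authorization object has at most 10 fields")
    return any(authorization_passes(a, required)
               for a in user_auths.get(obj, []))

def merged_view(user_auths, obj):
    """Pools values across authorizations: the mistaken way to read a role."""
    merged = {}
    for auth in user_auths.get(obj, []):
        for field, values in auth.items():
            merged.setdefault(field, set()).update(values)
    return merged

# Constructed user: full maintenance in company code 1000, display only in 2000.
USER_AUTHS = {
    "Z_DEMO_OBJ": [
        {"BUKRS": {"1000"}, "ACTVT": {"01", "02", "03"}},
        {"BUKRS": {"2000"}, "ACTVT": {"03"}},
    ]
}

if __name__ == "__main__":
    for bukrs, actvt in [("1000", "02"), ("2000", "03"), ("2000", "02")]:
        ok = authority_check(USER_AUTHS, "Z_DEMO_OBJ",
                             {"BUKRS": bukrs, "ACTVT": actvt})
        print(bukrs, actvt, "granted" if ok else "denied")
```

Change (02) in company code 2000 is denied even though both values appear somewhere in the user's authorizations, because no single authorization contains both.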

Troubleshooting authorization in SAP R/3.
When you encounter errors during testing of roles, you can use SU53 and ST01 to analyze the error.

  1. Ask the user to run SU53 to display the result of the last failed authorization check. It is important that the user runs SU53 immediately after the failed authorization check, as only the last object that failed the authorization check is saved.
  2. You can run a trace using ST01 to further analyze the error. For more detail follow the link…

Audit Information System
      The Audit Information System (AIS) has been developed to provide internal and external auditors, Security Administrators and those with data protection and controlling responsibilities with a tool to assist in understanding and completing required tasks in the complex SAP environment.

      The SAP Audit Information System (AIS) provides a centralized repository for reports, queries, and views of data that have a control implication. AIS was first available for SAP R/3 Version 3.0D, and is delivered as standard in SAP R/3 Versions 4.6 and above. AIS is provided at no additional cost from SAP, and allows an auditor or manager to work online in the production system on a real-time basis.

Emergency Role (Firefighting)
      However well you manage your security, there may come a time when a user needs emergency authorizations. Such authorizations can be necessary in exceptional situations. An example is a month-end close that was closed before the month end.
Virsa provides a tool called Firefighter, which can help you.

First you have to define what counts as an emergency for your company. You might have to create roles for these emergencies, and also define the time frame for which such a role will be assigned to users. You might have to define an approval procedure for this. How is this going to be audited? Work with your audit team to make sure they are OK with the process.

Shortcut to create a role with many reports/tcodes
      Once I had a couple of roles which were made just to hold reports. The number of reports was huge. Here is how I did it.
      First create a CATT script with a dummy role and add one tcode. Make the role and tcode variants. Once you have this you can add any number of tcodes to any existing role. I could reuse this to create other roles where I had to insert a lot of tcodes.

Copyright © 2005 - 2007 SAP Security Online.com All Rights Reserved.